projects / pspp / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e157cc5) | patch
sys-file-reader: Avoid null dereference skipping bad extension record 18.
authorBen Pfaff <blp@cs.stanford.edu>
Tue, 4 Jul 2017 16:54:47 +0000 (12:54 -0400)
committerBen Pfaff <blp@cs.stanford.edu>
Tue, 4 Jul 2017 16:55:04 +0000 (12:55 -0400)
commitbf03b53a3c0f0d1066062f37919015a8fa6ad436
tree6ce15e2b557d1a067f961f2b9c0544f0f7ffed68tree | snapshot
parente157cc5ad11e3f7ae96cbbac5ec21dc57726c9aacommit | diff
sys-file-reader: Avoid null dereference skipping bad extension record 18.

read_record() assumed that read_extension_record() never set its output
argument to NULL when it returned true, but this is possible in an error
case.

CVE-2017-10792.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1467005.
See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866890.
See also https://security-tracker.debian.org/tracker/CVE-2017-10792.
Reported by team OWL337, with fuzzer collAFL.
src/data/sys-file-reader.c diff | blob | history
Unnamed repository; edit this file to name it for gitweb.